CVE-2026-2274

Vulnerability Description

A SSRF and Arbitrary File Read vulnerability in AppSheet Core in Google AppSheet prior to 2025-11-23 allows an authenticated remote attacker to read sensitive local files and access internal network resources via crafted requests to the production cluster. This vulnerability was patched and no customer action is needed.

Related Weaknesses (CWE)

CWE-918

References

https://discuss.google.dev/t/november-23-2025/332118

FAQ

What is CVE-2026-2274?

CVE-2026-2274 is a documented vulnerability. A SSRF and Arbitrary File Read vulnerability in AppSheet Core in Google AppSheet prior to 2025-11-23 allows an authenticated remote attacker to read sensitive local files and access internal network r...

How severe is CVE-2026-2274?

CVSS scoring is not yet available for CVE-2026-2274. Check NVD for updates.

Is there a patch for CVE-2026-2274?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.